CVE-2021-21302 MEDIUM

CVE-2021-21302: CSV Injection via csv export

Vendor Prestashop
Product PrestaShop
Weakness CWE-78
Published February 26, 2021
Last update August 3, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2

Key dates

02Disclosure timeline

February 26, 2021 CVE published
August 3, 2024 Record updated